Lead Cloud Security Engineer, Security Engineering ABOUT THE ROLE -  Remote (US)

Stitch Fix is looking for a Lead Cloud Security Engineer to help secure our cloud platforms and lead the development of advanced security controls to protect and safeguard the organization.

The individual in this role will be part of the Security Engineering Team and work closely with the various Platform teams at Stitch Fix in order to build security technologies. In addition, the individual will step in and contribute their technical expertise in areas like Cloud Security Engineering and Infrastructure Security. The candidate should have strong experience with securing infrastructure in a production cloud environment using modern design paradigms like infrastructure-as-code (IaC). 

Our team members are given a great deal of autonomy in the pursuit of keeping Stitch Fix secure, and a successful candidate will demonstrate strong communication skills. They should be comfortable and feel productive working in a remote setting with a highly distributed engineering team.

We’re looking specifically for folks who are interested in building security features with empathy and a partnership driven approach. We rely on automation where possible, and strive to make our work well understood by the technical organizations we interface with. Stitch Fix is a fast-growing company, and our security program needs to be able to keep pace with that growth while not disrupting innovation.

REQUISITE SKILLS AND EXPERIENCE

Skills we are looking for are broad - building, deploying, and maintaining applications and services in an organization. We are open to software engineers, SREs, Platform engineers, and others without traditional security titles. We are looking for a mix of the following skills, and don’t expect candidates to be experts in all.

REQUIREMENTS

• Strong experience securing AWS in a production environment (IAM, CloudTrail, Secrets Manager, GuardDuty, Macie, etc.)
• Skills in implementing AWS native tooling to solve problems, especially around monitoring & observability. 
• Experience with leading cross-functional technical initiatives with partner groups (Engineering, Data Science, Product, etc.)
• Written / verbal communication skills - producing technical / architectural documentation and best practice guidance

NICE TO HAVES 

• Experience automating deployments and security controls using Terraform or CloudFormation
• Experience with container orchestration incl. ECS, EKS, and/or K8S
• Experience performing security-focused design and architecture reviews in AWS

ABOUT THE TECHNOLOGY

Technologies we rely on to pursue solutions to business problems include:

• Ruby on Rails
• AWS
• Golang
• CircleCI
• Docker
• HashiCorp Terraform
• Datadog

Even if you already have experience with these tools, you'll have the chance to get even better with them. And if you don't already use at least a few of these tools, we will help you learn and become effective with them.